A study of cybercrime economics shows that peddlers of rogue antivirus scams rely on legitimate banks to run their businesses, carefully ensuring that the volume of chargebacks they incur stay just on the right side of being flagged-up as obviously fraudulent.
Researchers from the University of California in Santa Barbara …

COMMENTS

Title

>To avoid this, support personnel for scareware firms occasionally give refunds – but only up until the point their rate of chargebacks has dropped again<

Well surely a recurring pattern of refunds as the chargebacks approach red overload makes it obvious something is amiss. After all, all financiers are math heads and the big thing about numbers is seeing patterns in the chaos. But of course, the banks make money out of every conceivable transaction (£20 for a letter), so of course they're going to ignore a successful company, even if their job is fleecing people... Sorry, confused bankers with 'scareware scumbags' - fnord.

@Tony

== Only a minority – estimated at one in 10 users – of the 2.3 million purchasers of fake antivirus software during the two-year study ever complained. An even smaller percentage tried to initiate a chargeback ==

Presumably if banks began to profile chargeback activity, fraudsters could refund all chargebacks. Question is, do they stop being fraudsters at that point?

That's what I'm wondering...

If greater than 90% of customers never ask for a refund... giving a refund to anyone who asks is good business sense. Never mind not having to track chargebacks at that point, you'll have 'good customer relations,' and might even get an award...

RE: Sorry, confused bankers with 'scareware scumbags'

Why ?

I really can't understand why the bank's can't just block these transactions? Just as the phone companies never seemed to be able to block the spurious phone charges run up by auto dialers?

I know that the companies own interests kick in here, in the case of the credit card company the percentage rake back from the vendor, just as the phone company would get a percentage of the phone call before passing onto the auto dialer. But .......

It's not that easy..

The problem is that you are asking a bank or credit provider to ask as judge and jury, with all the resultant liabilities. The argument that "they make money anyway" is actually not valid for the company providing the credit line as a refund process costs a lot more than an actual transaction brings in revenue.

There is also another problem: those who *are* in the position to do something about fraud centrally are exactly the ones who will not do so - the card network (VISA; Mastercard; AMEX et al). Because here you are right: they make a profit on every transaction, fraudulent or not. They don't suffer the cost of fraud - they just elevate transaction costs to offset the loss.. That's the main reason why I will never go even close to any RFID (NFC) based payment service - they don't care that you can read that chip from a good 30m if you have a decent transceiver and aerial..

Do we want payment processors judging this?

Everyone freaked out when payment processors 'chose' (after governmental pressure) to stop working with WikiLeaks, is this much different from a procedural standpoint? We know who's a scam and who's not, but does that mean that the CC companies will, and will be able to reliably distinguish between the baddies and just normal operators?

Your argument is an example of the current behavior of these self interested . pocket lining greedy bastards. Screw their customers as long as they get their cut.

First accountability to the stockholders instead of the customers is the underlying flaw in modern economics. (emphasis on LYING).

It is simply the institutionalization of the old monarch mandated "monopoly" system but without cutting in the monarch (screw him too!)

The banking/finance industry constantly advertises they are doing things for You their customer.

Bullshit. If they were they would have done somthing about this problem a long time ago.

As another poster noted. They know how to recognise this type of fraudwithout some outside group doing a study for them.

I worked with a guy in the phone industry in the USA who developed a method to detect fraudulent calling card charges ON THE FIRST CALL. It worked so well the manufacturer of the switching equipment invited him to their facility to educate them on it.

So YES I expect they should be looking for this type of fraud. For the benefit of their customers who are paying them to perform AND protect their transactions.

Banks

The researchers argue that credit card networks ought to do more to detect patterns of chargeback activity that are the hallmark of scareware firms, and to take action to protect both consumers and the overall integrity of financial service networks.

<sarcasm>

Why would the banks want to do this when they are making so much money?

</sarcasm>

The only way to change the banks behavior is to make the cost of doing business with these scamers more expenditure than not doing business with them.